Category Archives: Authenticate

Amped Authenticate Update 11362: JPEG Dimples, Improved JPEG HT, Social Media Identification, and much more!

Not long has passed since the release of Amped Authenticate 10641 but… yes, the next one is already out! Amped Authenticate 11362 is now released with a lot of improvements, including two new filters based on JPEG Dimples, one of the last discoveries of the image forensics scientific community!

JPEG Dimples

Despite many attempts to send JPEG into retirement, today the vast majority of digital images still use it. Amped Authenticate users know that traces left by JPEG compression are a superb asset when it comes to investigating the digital history of an image, as witnessed by the vast JPEG-based toolkit that Authenticate provides: quantization table analysis, JPEG ghosts, inconsistencies in blocking artifacts, double quantization traces in the DCT coefficients, and more.

But JPEG is still full of new surprises nowadays! A few months ago, while Amped was attending (and sponsoring!) the IEEE 2017 International Workshop on Information Forensics and Security (WIFS 2017), a new footprint was presented to the scientific community: JPEG Dimples (click here to see the original work Photo forensics from JPEG dimples by Shruti Agarwal and Prof. Hany Farid).

JPEG Dimples manifest themselves as a grid of slightly brighter/darker pixels, spaced by 8 pixels in each dimension. Like most image forensic fingerprints, even JPEG Dimples are hardly visible by the human eye, but they can be easily detected with a proper algorithm.

But why does this grid appear? And why is it important for our analysis? We’ll answer these questions in detail in a future blog post, however the reason behind JPEG Dimples is rather simple: during the DCT coefficients quantization phase, different operators exist to approximate decimal values to integer values: the round operator (which approximates the decimal number to the nearest integer) the floor operator (approximation to the nearest smaller integer) or the ceil operator (approximation to the nearest bigger integer). The table below shows the difference in approximating a Value (first column) to an integer using round, floor and ceil.

Value Round Floor Ceil
9.8 10 9 10
6.3 6 6 7
4.5 5 4 5
-7.3 -7 -8 -7

Obviously, using floor tends to produce smaller values in the 8-by-8 DCT block than using round, and the opposite with ceil. And when we go back to the pixel domain, this leads to a slightly darker or brighter pixel on the top-left corner of the pixel block (see example below)! Measuring the presence of this grid will tell us to which degree an image contains the JPEG Dimples footprint.

Image showing Dimples

Example of an image showing strong JPEG Dimples

Now you may be wondering “well, how many cameras will ever be using floor or ceil in place of the more classical round?” Not so few, actually. According to the work presented at WIFS 2017, more than 60% of tested cameras do introduce Dimples. We also carried out an internal evaluation on Amped datasets and numbers were less upsetting, still, we found Dimples in roughly 30% of tested cameras. A footprint with such a spread could not be missing in Amped Authenticate, and so here we are. Continue reading

There’s More to an Image than Meets the Eye

When using an image as evidence during a court case, the point of view it represents acquires a resonance much stronger than the testimony of a witness. With video, this is even more true, as we may understand the dynamics even from the frames and any additional information which may be gleaned from the audio track.

Nowadays, there are many free and easy tools which can be used to modify pictures with ease, and thus the authentication of images is of paramount importance. But even more importantly, we need to understand how much data there is in an image, in addition to what we can already see.

Read the full article published in Lawyer Monthly.

Identify Social Media Files with Amped Authenticate

Amped Authenticate Update 10641 introduced the new Social Media Identification filter. It can be found in the File Analysis filter group.

The filters in the File Analysis group are generally looking at the file’s container to return relevant information about the file. The Social Media Identification filter examines the file for traces of information that may indicate the file’s social media source. The key word here is “may.”

The workflow that I will explain here is typical in the US and Canada. Take from it what you need in order to apply it to your country’s legal system.

Let’s begin.

Continue reading

Digital images – trust must be earned

The science behind forensic image analysis is growing fast and constantly evolving. Even within the last 5 years, the ability to take a photo, manipulate it to tell a different story, and circulate the misinformation online has become infinitely easier. The advent of smartphones, convenient digital image manipulation software and easy dissemination of information are throwing up new challenges that investigators and forensic technicians must adapt to.

Unfortunately, it is too risky to simply take digital images at face value. Instead, we must ask and have the tools to query, such as “Where did the image or video originate from?”; “Who provided it and is there any reason they might have modified it?”; “Is it a camera-original?”; and “Do I believe this is a true and accurate representation of events?”

To give a practical example, back in the summer of 2017, two images featured prominently in the initial reporting of Hurricane Harvey. The first was of a shark swimming along the Houston freeway. The second showed several aeroplanes virtually underwater at what was claimed to be Houston airport. These iconic images were circulated widely on Twitter and were featured on mainstream national media such as Fox News. There was just one small problem. Neither situation had actually occurred!

If this behaviour is widespread on social and traditional media, then why shouldn’t we believe it is also impacting police and legal investigations? After all, if members of the public are prepared to manipulate images for the sake of a few likes and retweets, what will they be prepared to resort to when the stakes are much higher?

Read the full article published in eForensics Magazine.

 

Amped Authenticate & Griffeye Analyze DI Pro: a synergy that empowers forensic analysts!

The partnership between Amped Software and Griffeye keeps growing and so does the integration between Griffeye Analyze DI Pro and Amped Authenticate. Analyze DI Pro is a media investigation software for handling large volumes of images and videos, filter irrelevant digital files, prioritize, correlate and identify the most pertinent material in investigations. It will let you scan and import data from a device or from a folder on your workstation. Once the import is complete, you can easily browse and intelligently sort/filter media.

In this post, we’ll take a look at what Griffeye Analyze DI Pro enables you to do when linked with the Amped Authenticate plugins. Let’s create a case and import a folder containing a few JPEG files.

Analyze DI Pro lets you look at image metadata, and Amped Authenticate users know how interesting they are, but, we also know that a single image may contain hundreds of Exif metadata, and reading all of them is quite a boring job. Luckily, from the very same panel above we can call in Amped Authenticate File Format Analysis to automatically spot suspicious metadata. Once you installed Authenticate and the corresponding plugin in Analyze DI Pro, this is just as simple as right-clicking on one or all the images and then hit the “Plugin” voice and select “Amped Authenticate – File Format Analysis” from the pop-up list as shown below.

Continue reading

Amped Authenticate Update 10641: Social Media Identification, Griffeye Integration & Many New Filter Options

Hi everyone!

David Spreadborough here, the International Trainer at Amped Software. It’s great to be back writing a blog post. The past few months have been very busy at Amped and our image authentication software, Amped Authenticate, has become the ‘go-to’ tool for many requiring an image’s history or to identify signs of manipulation. Helped maybe by the huge amounts of press detailing fake stories and images.

In this crazy world of multimedia forensics, we cannot stand still. The tech wizards at Amped HQ have been hard at work integrating new filters and tools to assist you further. So, let’s dive in and take a look!

Social Media Identification Filter

Under the File Analysis category, you will find this new filter.

Its purpose is to detect traces in the file formats left on images by social media platforms. As most of you probably already know, it is very easy to save other people’s images from sharing sites. With a simple right-click, you can save the displayed image to your computer.

An image from someone’s Facebook timeline

This filter now enables you to identify if the images you are examining originate from a Social Media Platform.

Continue reading

Fraud in Science: the Bigger Picture

Cases of fraud within published scientific research are on the rise, with several recent cases involving the falsification of images.

Scientists are subjected to exactly the same pressures and temptations that drive people to commit fraud in all manner of environments and for various reasons. Sometimes the motivation is commercial; perhaps to obtain a research grant or to enhance the profile of the institution and attract more applications. In others it might be professional; to get published in a prestigious Journal or simply to save face after an experiment has failed to deliver the desired
results.

Regardless of the justification, when these actions have legal consequences it is important to have the tools to detect when such fraud occurs. And more importantly to have the ability
to scientifically prove this in a court of law.

Multimedia forensics is invaluable within cases of research fraud, both for presenting a case or defending the accused. However, it’s not good enough to simply bring in an expert witness and have them confidently present their case. Tools exist to carry out the analysis in line with the scientific methodology, giving the judge and in some cases the jury, a basis upon which to evaluate the full weight of the evidence. Consider it ironic, but if the right software is adopted within the legal system then the scientific method may just prove to be the answer to the current crisis facing scientific integrity.

Read the full article published in The Barrister.

Improved PRNU-Based Forgery Localization

In a past post, we presented several improvements we did to Amped Authenticate’s Camera Identification filter based on PRNU analysis. Those improvements propagated also to the PRNU Tampering filter so that Amped Authenticate also features an improved algorithm for forgery localization. Improvements mainly include:

Peak-to-Correlation Energy-based (PCE) analysis
During block-based analysis, the PCE is computed and the point yielding the maximum PCE value (peak) is considered. If the peak is in the expected position, the block is considered authentic; if the peak is in a different position, then the PCE value is compared with a threshold to decide the authenticity of the block.

Support for multi-core processing
If your CPU features multiple logical cores, block-based analysis will run in parallel, thus reducing the computation time.

Faster, easier training
Thanks to PCE robustness, there is no need to train a separate model for forgery detection: you can use the same .crp file created for Camera Identification.

Forgery localization for cropped images
If the image is cropped and/or rotated before or after manipulation, the PRNU Tampering filter will detect cropping, compensate for it and run the forgery localization algorithm. The same applies to resizing and/or rotation. Combination of resizing and cropping is not supported yet.

Alert for unreliable regions
PRNU-based forgery localization is not reliable in saturated areas (i.e., totally white or black regions of the image). Indeed, for those pixels, it is impossible to discriminate between the image content and the actual sensor noise. The new version of PRNU-based forgery localization enables highlighting of white and black saturated pixels (marked in yellow and blue, respectively), in order to help the analyst rule out false alarms. Continue reading

All is not as it seems

Digital images are frequently used to provide supporting evidence within papers and reports, yet are not routinely submitted to any scientific process of authentication. In a world in which the tools to digitally manipulate an image are freely available, it’s no longer acceptable to simply take these images at face value.

The past 12 months has seen the scientific community rocked by a series of scandals relating to the use of manipulated images within published scientific research.

Researchers’ ambition to gain scientific exposure, to achieve career advancement or to secure funding, can drive them to embellish their results in order to attain their goals in the increasingly competitive world of scientific discovery. Equally, the pressure to publish can see them stumbled across doctored images and incorporate them by mistake. In these cases, not only is the individual’s reputation at risk, but also their colleagues’ who are oblivious to the altered nature of the images. The impact of these images is extensive and far-reaching: they threaten to endanger the name of the organization for which the researcher is working, as well as calling into question the integrity of the scientific community at large. This is a critical issue in the current technological day and age, yet very little is being done to address it. Bearing in mind the damage that doctored images can do, scientific publishers and research institutes ought to be more rigorous when setting out the requirements for images that are used in papers.

If some basic screening were applied more extensively to scientific publications, with minimal effort we would be in a much better position to guarantee, or dispute, the authenticity of images within scientific papers for the benefit of science and its wider community.

Working to detect image manipulation in the world of science is a long-term battle, just as it is in photojournalism, forensics, and in any other field where image manipulation is a growing threat to the veracity of images.

Read the full article published in Laboratory News.

It’s time to get real about fake imagery

As technology has enabled mainstream, widespread image manipulation, it is not surprising that there has been a huge increase in the number of tampered images which find their way into a wide spectrum of industries and sectors. Incidents of doctored images frequently appear in mainstream media where they incite cries of “fake news”.

For example, a photo at the G20 summit this year featured a photoshopped president Putin, giving the impression that he was colluding with president Donald Trump.  The photo proceeded to spread like wildfire across the internet, instigating huge political ramifications from a digital fabrication which would have taken a few minutes to create on a laptop. Last August also showed our vulnerability to tampered photos, with the circulation of a photoshopped image of a shark swimming up the freeway during hurricane Harvey indicating a larger problem with major international news outlets spreading the image as genuine.

Equally there is significant evidence of doctored images being used to support fraudulent scientific research internationally. Doctored experiment results and images continue to rock the research industry with every new fraudulent revelation.   A prominent cancer research scientist in Italy has been under investigation for using a photography studio to manipulate images pivotal to the crux of the “ground breaking” research. Indeed, the journal Nature has suggested that up to 1 in 5 scientific papers contain evidence of some sort of manipulation.

It is clear therefore, that when the stakes are high enough, people will manipulate the truth, and unfortunately given our tendency to trust photographic images, it seems that it is currently worth their while to do so. When the stakes are as high as imprisonment, it is easy to see how tempting it may be to manipulate an image to support an alibi or a particular version of events.

Unfortunately, security investigations are by no means immune to this phenomenon either. In fact, given the increase in the sources of digital images, the integrity of evidence in such investigations is at its all-time most vulnerable. Body worn cameras, smart phones and increasingly sophisticated CCTV surveillance means that investigators are now dealing with a fast-growing pile of unverified evidence.

Read the full article published in The Intersec Journal of International Security.